REMOTE ENTRY SYSTEM
Field of the Invention
The present invention relates to secure access systems and, in particular, to
systems using wireless transmission of security code information.

Background

Fig. 1 shows a prior art arrangement for providing secure access. A user 401
makes a request, as depicted by an arrow 402, directed to a code entry module 403. The
module 403 is typically mounted on the external jamb of a secure door. The request 402
is typically a secure code of some type which is compatible with the code entry module
403. Thus, for example, the request 402 can be a sequence of secret numbers directed to
a keypad 403. Alternately, the request 402 can be a biometric signal from the user 401
directed to a corresponding biometric sensor 403. One example of a biometric signal is a
fingerprint. Other physical attributes that can be used to provide biometric signals
include voice, retinal or iris pattern, face pattern, palm configuration and so on.

The code entry module 403 conveys the request 402 by sending a corresponding
signal, as depicted by an arrow 404, to a controller 405 which is typically situated in a
remote or inaccessible place. The controller 405 authenticates the security information
provided by the user 401 by interrogating a database 407 as depicted by an arrow 406. If
the user 401 is authenticated, and has the appropriate access privileges, then the controller
405 sends an access signal, as depicted by an arrow 408, to a device 409 in order to
provide the desired access. The device 409 can, for example, be the locking mechanism
of a secure door, or can be an electronic lock on a personal computer (PC) which the user
401 desires to access.

A proximity card can also be used to emit the request 402, in which case the
code entry module 403 has appropriate functionality.

Although the request 402 can be made secure, either by increasing the number of
secret digits or by using a biometric system, the communication infrastructure in Fig. 1 is
typically less secure. The infrastructure 400 is generally hardwired, with the code entry
module 403 generally being mounted on the outside jamb of a secured door. In such a
situation, the signal path 404 can be over a significant distance in order to reach the
controller 405. The path 404 represents one weak point in the security system 400,
providing an unauthorised person with relatively easy access to the information being
transmitted between the code entry module 403 and the controller 405. Such an
unauthorised person can, given this physical access, decipher the communicated
information between the code entry module 403 and the controller 405. This captured
information can be deciphered, replayed in order to gain the access which rightfully
belongs to the user 401, or to enable modification for other subversive purposes.

Current systems as depicted in Fig. 1 utilise a communication protocol called
"Wiegand" for communication between the code entry module 403 and the controller
405. The Wiegand protocol is a simple one-way data protocol that can be modified by
increasing or decreasing the bit count to ensure uniqueness of the protocol among
different security companies. The Wiegand protocol does not secure the information
being sent between the code entry module 403 and the controller 405.

More advanced protocols such as RS 485 have been used in order to overcome
the vulnerability of the Wiegand protocol over the long distance route 404. RS 485 is a
duplex protocol offering encryption capabilities at both the transmitting and receiving
ends, ie. the code entry module 403 and the controller 405 respectively in the present
case. The length of the path 404 nonetheless provides an attack point for the unauthorised
person.

Due to the cost and complexity of re-wiring buildings and facilities, security
companies often make use of existing communication cabling when installing and/or
upgrading security systems, thereby maintaining the vulnerability described above.

Summary 

It is an object of the present invention to substantially overcome, or at least
ameliorate, one or more disadvantages of existing arrangements.

According to a first aspect of the present invention, there is provided a system
for providing secure access to a controlled item, the system comprising:
a database of biometric signatures;
a transmitter subsystem comprising:

a biometric sensor for receiving a biometric signal;
means for matching the biometric signal against members of the
database of biometric signatures to thereby output an accessibility attribute; and

means for emitting a secure access signal conveying information
dependent upon said accessibility attribute, wherein the secure access signal comprises
one of at least a rolling code, an encrypted Bluetooth™ protocol, and a WiFi™ protocol;
and

a receiver sub-system comprising;

means for receiving the transmitted secure access signal; and
means for providing conditional access to the controlled item dependent
upon said information.

According to another aspect of the present invention, there is provided a
transmitter sub-system for operating in a system for providing secure access to a
controlled item, the system comprising a database of biometric signatures, a receiver
sub-system comprising means for receiving a secure access signal transmitted by the
transmitter sub-system, and means for providing conditional access to the controlled item
dependent upon information conveyed in the secure access signal; wherein the transmitter
subsystem comprises:

a biometric sensor for receiving a biometric signal;
means for matching the biometric signal against members of the
database of biometric signatures to thereby output an accessibility attribute; and

means for emitting the secure access signal conveying said information
dependent upon said accessibility attribute, wherein the secure access signal comprises
one of at least a rolling code, an encrypted Bluetooth™ protocol, and a WiFi™ protocol.

According to another aspect of the present invention, there is provided a receiver
sub-system for operating in a system for providing secure access to a controlled item, the
system comprising a database of biometric signatures, a transmitter subsystem comprising
a biometric sensor for receiving a biometric signal, means for matching the biometric
signal against members of the database of biometric signatures to thereby output an
accessibility attribute, and means for emitting a secure access signal conveying
information dependent upon said accessibility attribute, wherein the secure access signal
comprises one of at least a rolling code, an encrypted Bluetooth™ protocol, and a WiFi™
protocol; wherein the receiver sub-system comprises;

means for receiving the transmitted secure access signal; and
means for providing conditional access to the controlled item dependent
upon said information.

According to another aspect of the present invention, there is provided a method
for providing secure access to a controlled item, the method comprising the steps of:
receiving a biometric signal;
matching the biometric signal against members of a database of biometric
signatures to thereby output an accessibility attribute;

emitting a secure access signal conveying information dependent upon said
accessibility attribute, wherein the secure access signal comprises one of at least a rolling
code, an encrypted Bluetooth™ protocol, and a WiFi™ protocol; and

providing conditional access to the controlled item dependent upon said
information.

According to another aspect of the present invention, there is provided a method
for populating a database of biometric signatures in a system for providing secure access
to a controlled item, the system comprising said database of biometric signatures, a
transmitter subsystem comprising a biometric sensor for receiving a biometric signal, and
means for emitting a secure access signal, and a receiver sub-system comprising means
for receiving the transmitted secure access signal, and means for providing conditional
access to the controlled item dependent upon information in said secure access signal,
said method comprising the steps of:

receiving a series of entries of the biometric signal;

determining at least one of the number of said entries and a duration of each said
entry;

mapping said series into an instruction; and
populating the database according to the instruction.

According to another aspect of the present invention, there is provided a method
for transmitting a secure access signal in a system for providing secure access to a
controlled item, the system comprising a database of biometric signatures, a receiver
sub-system comprising means for receiving the secure access signal transmitted by a
transmitter sub-system, and means for providing conditional access to the controlled item
dependent upon information conveyed in the secure access signal, said method
comprising the steps of:

receiving a biometric sensor by biometric signal;
matching the biometric signal against members of the database of
biometric signatures to thereby output an accessibility attribute; and

emitting the secure access signal conveying said information dependent
upon said accessibility attribute, wherein the secure access signal comprises one of at
least a rolling code, an encrypted Bluetooth™ protocol, and a WiFi™ protocol.

According to another aspect of the present invention, there is provided a method
for receiving a secure access signal in a system for providing secure access to a controlled
item, the system comprising a database of biometric signatures, a transmitter subsystem
comprising a biometric sensor for receiving a biometric signal, means for matching the
biometric signal against members of the database of biometric signatures to thereby
output an accessibility attribute, and means for emitting a secure access signal conveying
information dependent upon said accessibility attribute, wherein the secure access signal
comprises one of at least a rolling code, an encrypted Bluetooth™ protocol, and a WiFi™
protocol, said method comprising the steps of:

receiving the transmitted secure access signal; and

providing conditional access to the controlled item dependent upon said
information.

According to another aspect of the present invention, there is provided a computer
program product having a computer readable medium having a computer program
recorded therein for directing a processor to provide secure access to a controlled item,
said computer program product comprising:
code for receiving a biometric signal;
code for matching the biometric signal against members of a database of
biometric signatures to thereby output an accessibility attribute;

code for emitting a secure access signal conveying information dependent upon
said accessibility attribute, wherein the secure access signal comprises one of at least a
rolling code, an encrypted Bluetooth™ protocol, and a WiFi™ protocol; and

code for providing conditional access to the controlled item dependent upon said
information.

According to another aspect of the present invention, there is provided a computer
program product having a computer readable medium having a computer program
recorded therein for directing a processor to populate a database of biometric signatures in
a system for providing secure access to a controlled item, said computer program product
comprising:

code for receiving a series of entries of the biometric signal;
code for determining at least one of the number of said entries and a duration of
each said entry;

code for mapping said series into an instruction; and
code for populating the database according to the instruction.

According to another aspect of the present invention, there is provided a computer
program product having a computer readable medium having a computer program
recorded therein for directing a processor to transmit a secure access signal in a system
for providing secure access to a controlled item, said computer program product
comprising:

code for receiving a biometric sensor by biometric signal;
code for matching the biometric signal against members of the database of
biometric signatures to thereby output an accessibility attribute; and
code for emitting the secure access signal conveying said information dependent
upon said accessibility attribute, wherein the secure access signal comprises one of at
least a rolling code, an encrypted Bluetooth™ protocol, and a WiFi™ protocol.

According to another aspect of the present invention, there is provided a computer
program product having a computer readable medium having a computer program
recorded therein for directing a processor to receive a secure access signal in a system for
providing secure access to a controlled item, said computer program product comprising:
code for receiving the transmitted secure access signal; and
code for providing conditional access to the controlled item dependent upon said
information.

According to another aspect of the present invention, there is provided a system
for providing secure access, the system comprising:

a biometric sensor for authenticating the identity of a user;

a transmitter for transmitting information using a secure wireless signal
dependent upon a request from the user and the authentication of the user identity; and

a control panel for receiving the information and for providing the secure access
requested.

Other aspects of the invention are also disclosed. 

Brief Description of the Drawings
Some aspects of the prior art and one or more embodiments of the present
invention are described with reference to the drawings, in which:

Fig. 1 shows a prior art arrangement for providing secure access;
Fig. 2 is a functional block diagram of an arrangement for providing secure
access according to the present disclosure;
Fig. 3 shows an example of a method of operation of the remote control module
of Fig. 2;

Fig. 4 shows an example of a method of operation of the (fixed) control device
of Fig. 2;

Fig. 5 shows incorporation of a protocol converter into the arrangement of Fig.
2; and

Fig. 6 shows another example of how the remote access system operates;
Fig. 7 shows an access process relating to the example of Fig. 6;
Fig. 8 shows one enrolment process relating to the example of Fig. 6;
Fig. 9 shows another enrolment process relating to the example of Fig. 6; and

Fig. 10 is a schematic block diagram of the system in Fig. 2.

Detailed Description including Best Mode
It is to be noted that the discussions contained in the "Background" section
relating to prior art arrangements relate to discussions of documents or devices which
form public knowledge through their respective publication and/or use. Such should not
be interpreted as a representation by the present inventor(s) or patent applicant that such
documents or devices in any way form part of the common general knowledge in the art.

Where reference is made in any one or more of the accompanying drawings to
steps and/or features, which have the same reference numerals, those steps and/or features
have for the purposes of this description the same function(s) or operation(s), unless the
contrary intention appears.

Fig. 2 is a functional block diagram of an arrangement for providing secure
access according to the present disclosure. A user 101 makes a request, as depicted by an
arrow 102, to a code entry module 103. The code entry module 103 includes a biometric
sensor 121 and the request 102 takes a form which corresponds to the nature of the sensor
121 in the module 103. Thus, for example, if the biometric sensor 121 in the code entry
module 103 is a fingerprint sensor, then the request 102 typically takes the form of a
thumb press on a sensor panel (not shown) on the code entry module 103.

The code entry module 103 interrogates, as depicted by an arrow 104, a user
identity database 105. Thus for example if the request 102 is the thumb press on the
biometric sensor panel 121 then the user database 105 contains biometric signatures for
authorised users against which the request 102 can be authenticated. If the identity of the
user 101 is authenticated successfully, then the code entry module 103 sends a signal 106
to a controller/transmitter 107. The controller/transmitter 107 checks, as depicted by an
arrow 112, the current rolling code in a database 113. The controller 107 then updates the
code and sends the updated code, this being referred to as an access signal, as depicted by
an arrow 108 to a controller 109. The rolling code protocol offers non-replay encrypted
communication.

The controller 109 tests the rolling code received in the access signal 108 against
the most recent rolling code which has been stored in a database 115, this testing being
depicted by an arrow 114. If the incoming rolling code forming the access signal 108 is
found to be legitimate, then the controller 109 sends a command, as depicted by an arrow
110, to a controlled item 111. The controlled item 111 can be a door locking mechanism
on a secure door, or an electronic key circuit in a personal computer (PC) that is to be
accessed by the user 101. It is noted that the controller 109 contains a receiver 118 that
receives the transmitted access signal 108 and converts it, as depicted by an arrow 120,
into a form that the controller 109 can use.

The code entry module 103 also incorporates at least one mechanism for
providing feedback to the user 101. This mechanism can, for example, take the form of
one or more Light Emitting Diodes (LEDs) 122 which can provide visual feedback,
depicted by an arrow 123, to the user 101. Alternately or in addition the mechanism can
take the form of an audio signal provided by an audio transducer 124 providing audio
feedback 125.

The arrangement in Fig. 2 has been described for the case in which the secure
code in the access signal 108 used between the sub-systems 116 and 117 is based upon
the rolling code. It is noted that this is merely one arrangement, and other secure codes
can equally be used. Thus, for example, either of the Bluetooth™ protocol, or the WiFi™
protocols can be used.

Rolling codes provide a substantially non-replayable, non-repeatable and encrypted
radio frequency data communications scheme for secure messaging. These codes use
inherently secure protocols and serial number ciphering techniques which in the present
disclosure hide the clear text values required for authentication between the key fob
(transmitter) sub-system 116 and the receiver/controller 118/109.

Rolling codes use a different code variant each time the transmission of the
access signal 108 occurs. This is achieved by encrypting the data from the controller 107
with a mathematical algorithm, and ensuring that successive transmissions of the access
signal 108 are modified using a code and/or a look-up table known to both the transmitter
sub-system 116 and the receiver sub-system 117. Using this approach successive
transmissions are modified, resulting in a non-repeatable data transfer, even if the
information from the controller 107 remains the same. The modification of the code in the
access signal 108 for each transmission significantly reduces the likelihood that an
intruder can access the information and replay the information to thereby gain entry at
some later time.

The sub-system in Fig. 2 falling to the left hand side, as depicted by an arrow
116, of a dashed line 119 can be implemented in a number of different forms. The
sub-system 116 can for example be incorporated into a remote fob (which is a small portable
device carried by the user 101), or alternately can be mounted in a protected enclosure on
the outside jamb of a secured door. The sub-system 116 communicates with the
sub-system 117 on the right hand side of the dashed line 119 via the wireless communication
channel used by the access signal 108. The sub-system 117 is typically located in an
inaccessible area such as a hidden roof space or alternately in a suitable protected area
such as an armoured cupboard. The location of the sub-system 117 must of course be
consistent with reliable reception of the wireless access signal 108.

Although typically the communication channel uses a wireless transmission
medium, there are instances where the channel used by the access signal 108 can use a
wired medium. This is particularly the case when the transmitter sub-system 116 is
mounted in an enclosure on the door jamb rather than in a portable key fob.

The biometric signature database 105 is shown in Fig. 2 to be part of the
transmitter sub-system 116. However, in an alternate arrangement, the biometric
signature database 105 can be located in the receiver sub-system 117, in which case the
communication 104 between the code entry module 103 and the signature database 105
can also be performed over a secure wireless communication channel such as the one
used by the access signal 108. In the event that the secure access system is being applied
to providing secure access to a PC, then the secured PC can store the biometric signature
of the authorised user in internal memory, and the PC can be integrated into the receiver
sub-system 117 of Fig. 1.

In the event that the sub-system 116 is implemented as a remote fob, the
combination of the biometric verification and the strongly encrypted wireless
communication provides a particularly significant advantage over current systems. The
remote key fob arrangement allows easy installation, since the wired communication path
404 (see Fig. 1) is avoided. Other existing wiring elements of the present systems 400
can be used where appropriate. When the sub-system 116 is implemented as a remote fob,
the fob incorporates the biometric (eg fingerprint) authentication arrangement, in which
case only one biometric signature is stored in the fob. This arrangement reduces the
requirements on the central database 115. Once the key fob authenticates the user
through biometric signature (eg fingerprint) verification, the rolling code in the access
signal 108 is transmitted to the controller 109 for authorisation of the user for that
location at that time.

In addition to authenticating the user 101 the biometric sensor 121 in the code
entry module 103 in conjunction with the controller 107 can also check other access
privileges of the user 101. These access privileges can be contained in the database 105
which can be located either locally in the remote key fob, or in the receiver sub-system
117 as previously described. In one example, Tom Smith can firstly be authenticated as
Tom Smith using the thumb press by Tom on the biometric sensor panel (not shown).
After Tom's personal biometric identity is authenticated, the transmitter sub-system 116
can check if Tom Smith is in fact allowed to use the particular door secured by the device
111 on weekends. Thus the security screening offered by the described arrangement can
range from simple authentication of the user's identity, to more comprehensive access
privilege screening.

The incorporation of the biometric sensor 121 into the code entry module 103 in
the form of a remote key fob also means that if the user 101 loses the remote key fob, the
user need not be concerned that someone else can use it. Since the finder of the lost key
fob will not be able to have his or her biometric signal authenticated by the biometric
sensor 121 in the code entry module 103, the lost key fob is useless to anyone apart from
the rightful user 101.

The transmitter sub-system 116 is preferably fabricated in the form of a single
integrated circuit (IC) to reduce the possibility of an authorised person bypassing the
biometric sensor 121 in the code entry module 103 and directly forcing the controller 107
to emit the rolling code access signal 108.

Fig. 3 shows the method of operation of the remote control module (ie the
sub-system 116) of Fig. 2. The method 200 commences with a testing step 201 in which the
biometric sensor 121 in the code entry module 103 checks whether a biometric signal 102
is being received. If this is not the case, then the method 200 is directed in accordance
with a NO arrow back to the step 201 in a loop. If, on the other hand, the biometric
signal 102 has been received, then the method 200 is directed in accordance with a YES
arrow to a step 202. The step 202 compares the received biometric signal 102 with
information in the biometric signature database 105 in order to ensure that the biometric
signal received 102 is that of the rightful user 101 of the sub-system 116.

A subsequent testing step 203 checks whether the comparison in the step 202
yields the desired authentication. If the biometric signature matching is authenticated,
then the process 200 is directed in accordance with a YES arrow to a step 204. The
authentication of the biometric signature matching produces an accessibility attribute for
the biometric signal 102 in question. The accessibility attribute establishes whether and
under which conditions access to the controlled item 111 should be granted to a user.
Thus, for example, the accessibility attribute may comprise one or more of an access
attribute (granting unconditional access), a duress attribute (granting access but with
activation of an alert tone to advise authorities of the duress situation), an alert attribute
(sounding a chime indicating that an unauthorised, but not necessarily hostile, person is
seeking access), and a telemetry attribute, which represents a communication channel for
communicating state information for the transmitter sub-system to the receiver
sub-system such as a "low battery" condition. The step 204 enables the user 101 to select a
control option by providing one or more additional signals (not shown) to the controller
107. Thus for example the control option could enable the user 101 to access one of a
number of secure doors after his or her identity has been authenticated in the step 203. In
the subsequent step 205 the controller 107 sends the appropriate access signal 108 to the
controller 109. The process 200 is then directed in accordance with an arrow 206 back to
the step 201.

Thus for example the sub-system 116 can be provided with a single biometric
sensor 121 in the code entry module 103 which enables the user 101 to select one of four
door entry control signals by means of separate buttons on the controller 107 (not shown).
This would enable the user 101, after authentication by the biometric sensor 121 in the
code entry module 103 and the controller 107, to obtain access to any one of the
aforementioned four secure doors.

Returning to the testing step 203, if the signature comparison indicates that the
biometric signal 102 is not authentic, and has thus not been received from the proper user,
then the process 200 is directed in accordance with a NO arrow back to the step 201. In
an alternate arrangement, the NO arrow from the step 203 could lead to a disabling step
which would disable further operation of the sub-system 116, either immediately upon
receipt of the incorrect biometric signal 102, or after a number of attempts to provide the
correct biometric signal 102.

Fig. 4 shows the method of operation of the control sub-system 117 of Fig. 2.
The method 300 commences with a testing step 301 which continuously checks whether
the access signal 108 has been received from 107. The step 301 is performed by the
controller 109. As long as the access signal 108 is not received the process 300 is
directed in accordance with a NO arrow in a looping manner back to the step 301. When
the access signal 108 is received, the process 300 is directed from the step 301 by means
of a YES arrow to a step 302. In the step 302, the controller 109 compares the rolling
code received by means of the access signal 108 with a reference code in the database
115. A subsequent testing step 303 is performed by the controller 109. In the step 303 if
the code received on the access signal 108 is successfully matched against the reference
code in the database 115 then the process 300 is directed in accordance with a YES arrow
to a step 304.

In the step 304 the controller 109 sends the control signal 110 to the controlled
item 111 (for example opening the secured door). The process 300 is then directed from
the step 304 as depicted by an arrow 305 back to the step 301. Returning to the testing
step 303 if the code received on the access signal 108 is not successfully matched against
the reference code in the database 115 by the controller 109 then the process 300 is
directed from the step 303 in accordance with a NO arrow back to the step 301.

As was described in regard to Fig. 3, in an alternate arrangement, the process
300 could be directed, if the code match is negative, from the step 303 to a disabling step
which would disable the sub-system 117 if the incorrect code were received once or a
number of times.
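
The rolling code exchange described earlier and the receiver method 300 of Fig. 4, including the alternate disabling step, are modelled in the following added example, which is not code from the patent. It swaps in a transmission counter authenticated with HMAC-SHA-256 for the unspecified cipher, so the counter is authenticated but not hidden; the frame layout, attribute values, WINDOW and MAX_FAILURES are assumptions.

```python
import hashlib
import hmac
import struct

WINDOW = 16        # assumed: missed transmissions the receiver tolerates
MAX_FAILURES = 3   # assumed: bad codes allowed before the disabling step
FRAME = struct.Struct(">IIB")   # fob serial, counter, accessibility attribute
TAG_LEN = 8
ACCESS, DURESS, ALERT, TELEMETRY = 1, 2, 3, 4   # assumed attribute encoding


def make_frame(key: bytes, serial: int, counter: int, attribute: int) -> bytes:
    """Build one access signal: header followed by a truncated HMAC tag."""
    body = FRAME.pack(serial, counter, attribute)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Transmitter:
    """Stands in for sub-system 116; self.counter plays the role of database 113."""

    def __init__(self, key: bytes, serial: int):
        self.key, self.serial, self.counter = key, serial, 0

    def emit(self, attribute: int) -> bytes:
        self.counter += 1          # the code is updated before every send
        return make_frame(self.key, self.serial, self.counter, attribute)


class Receiver:
    """Stands in for sub-system 117; self.fobs plays the role of database 115."""

    def __init__(self):
        self.fobs = {}             # serial -> [key, last accepted counter]
        self.failures = 0
        self.disabled = False

    def enrol(self, serial: int, key: bytes) -> None:
        self.fobs[serial] = [key, 0]

    def reject(self, reason: str) -> str:
        # Disabling step: lockout trades availability for resistance to guessing.
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.disabled = True
        return reason

    def handle(self, frame: bytes) -> str:
        if self.disabled:
            return "disabled"
        if len(frame) != FRAME.size + TAG_LEN:
            return self.reject("malformed")
        body, tag = frame[:FRAME.size], frame[FRAME.size:]
        serial, counter, attribute = FRAME.unpack(body)
        entry = self.fobs.get(serial)
        if entry is None:
            return self.reject("unknown-fob")
        key, last = entry
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return self.reject("bad-tag")
        if counter <= last:                          # already seen: a replay
            return self.reject("replay")
        if counter - last > WINDOW:                  # too far ahead of reference
            return self.reject("out-of-window")
        entry[1] = counter                           # new reference code
        self.failures = 0
        return {ACCESS: "grant", DURESS: "grant+alert"}.get(attribute, "no-access")


def demo() -> list:
    key = bytes(range(32))                           # constructed sample key
    fob, rx = Transmitter(key, 0x1234), Receiver()
    rx.enrol(0x1234, key)
    first = fob.emit(ACCESS)
    results = [rx.handle(first), rx.handle(first)]   # same frame sent twice
    fob.emit(ACCESS)                                 # pressed out of range, lost
    results.append(rx.handle(fob.emit(DURESS)))      # still inside the window
    tampered = bytearray(fob.emit(ACCESS))
    tampered[8] = DURESS                             # attribute byte altered
    results.append(rx.handle(bytes(tampered)))
    return results


if __name__ == "__main__":
    print(demo())
```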

Fig. 5 shows incorporation of a protocol converter into the arrangement of Fig.
2. In the arrangement of Fig. 2 the receiver 118 in the controller 109 is able to directly
receive and process the rolling code in the access signal 108 in a manner as to provide, as
depicted by the arrow 120, the necessary information to the controller 109. Fig. 5 shows
how an existing controller depicted by a reference numeral 109' that uses Wiegand input
signalling can be used in the disclosed arrangement when alarm systems are upgraded.
Fig. 5 shows how the incoming access signal 108 is received by a receiver 118' as is the
case in Fig. 2. In Fig. 5 however the receiver 118' provides, as depicted by an arrow 503,
the received rolling code from the access signal 108 to a rolling code/Wiegand protocol
converter 501. The converter 501 converts, as depicted by an arrow 504, the incoming
rolling code 503 to a form that can be used by the controller 109' that is designed to
handle Wiegand protocol incoming signals. Therefore, the converted incoming signal
504 is in the Wiegand format.

The converter 501 uses a microprocessor-based arrangement running software code
to process the incoming rolling code information 503 and decode this information 503 to
clear text form. The converter 501 converts this clear text to a Wiegand variable
bit-length data stream. In Fig. 2, the receiver 118 performs the conversion of the incoming
rolling code access signal 108 to clear text which enables the controller 109 to identify the
serial number of the originating key fob sub-system 116 to enable the access rights of the
user to be verified.
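
The second stage of the converter 501 (clear-text serial number to Wiegand frame), shown as an added example that is not part of the original specification. The common 26-bit Wiegand layout, the 24-bit width of the decoded serial number and all function names are assumptions; the specification only refers to a "Wiegand variable bit-length data stream", and the rolling code is assumed to have been decoded already.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed frame: the common 26-bit Wiegand layout, most significant bit sent first.
 *   bit 25       even parity over frame bits 24..13
 *   bits 24..17  facility code (8 bits)
 *   bits 16..1   card number (16 bits)
 *   bit 0        odd parity over frame bits 12..1
 */
#define WIEGAND26_BITS 26

static unsigned count_ones(uint32_t v)
{
    unsigned n = 0;
    for (; v; v >>= 1)
        n += v & 1u;
    return n;
}

uint32_t wiegand26_encode(uint8_t facility, uint16_t card)
{
    uint32_t data = ((uint32_t)facility << 16) | card;      /* 24 data bits */
    uint32_t even = count_ones(data >> 12) & 1u;            /* upper 12 data bits */
    uint32_t odd = (count_ones(data & 0xFFFu) & 1u) ^ 1u;   /* lower 12 data bits */
    return (even << 25) | (data << 1) | odd;
}

/* Controller-side check: returns 0 and fills the outputs, or -1 on a bad frame. */
int wiegand26_decode(uint32_t frame, uint8_t *facility, uint16_t *card)
{
    uint32_t data = (frame >> 1) & 0xFFFFFFu;
    if (frame >> WIEGAND26_BITS)
        return -1;                                   /* more than 26 bits */
    if ((count_ones(frame >> 13) & 1u) != 0u)
        return -1;                                   /* upper half must be even */
    if ((count_ones(frame & 0x1FFFu) & 1u) != 1u)
        return -1;                                   /* lower half must be odd */
    *facility = (uint8_t)(data >> 16);
    *card = (uint16_t)(data & 0xFFFFu);
    return 0;
}

/* Converter step: map the clear-text fob serial number onto a frame.
 * A serial that does not fit is refused rather than truncated, because
 * truncation would make two different fobs look identical to the controller. */
int converter_serial_to_wiegand(uint32_t serial, uint32_t *frame)
{
    if (serial > 0xFFFFFFu)
        return -1;
    *frame = wiegand26_encode((uint8_t)(serial >> 16), (uint16_t)(serial & 0xFFFFu));
    return 0;
}

/* Bits in transmission order: '0' is a pulse on the D0 line, '1' on the D1 line. */
void wiegand26_bits(uint32_t frame, char out[WIEGAND26_BITS + 1])
{
    int i;
    for (i = 0; i < WIEGAND26_BITS; i++)
        out[i] = ((frame >> (WIEGAND26_BITS - 1 - i)) & 1u) ? '1' : '0';
    out[WIEGAND26_BITS] = '\0';
}

int main(void)
{
    uint32_t frame;
    char bits[WIEGAND26_BITS + 1];
    if (converter_serial_to_wiegand(0x010001u, &frame) == 0) {  /* constructed serial */
        wiegand26_bits(frame, bits);
        printf("frame 0x%07lX bits %s\n", (unsigned long)frame, bits);
    }
    return 0;
}
```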

Further to the Wiegand conversion arrangement, the protocol converter 501
approach can be adapted to convert the incoming rolling code 503 (or any other
appropriate secure code) to any other convenient protocol used by the controller 109'.

The advantage of the rolling code/Wiegand converter 501 is that security system
upgrades can be made without replacing the Wiegand-compatible controller 109'.
Accordingly, existing systems as are described in Fig. 1 can be upgraded by replacing the
code entry module 403 and the transmission path 404, leaving the other components of
the system 400 (i.e., the controller 405, the code database 407, and the controlled item
409, together with existing wiring 408 and 406), largely intact. Minor modifications
might however be necessary. When upgrading systems in this manner, the sub-system
116 can either be used in a remote fob configuration, or can be placed in a secure housing
on an external door jamb.

From a practical perspective, incorporating the protocol converter 501 into an
existing controller 109' would require direct wiring of the converter 501 into the housing
of the secure controller 109'.

Fig. 6 shows another process 700 of operation of the remote access system. The
process 700 commences with a step 701 that determines if a biometric signal has been
received by the biometric sensor 121 in the code entry module in Fig. 2. If not, then the
process 700 follows a NO arrow back to the step 701. If however a biometric signal has
been received, then the process 700 follows a YES arrow to a step 702 that determines if
the user ID database 105 in Fig. 2 is empty. This would be the case, for example, if the
code entry module is new and has never been used, or if the user 101 has erased all the
information in the database 105.

If the database 105 is empty, then the process 700 is directed by an arrow 703 to
706 in Fig. 8 which depicts a process 800 dealing with the enrolment or the
administration function for loading relevant signatures into the database 105. If on the
other hand the database 105 is not empty, then the process 700 is directed to a step 704
that determines if the biometric signal that has been received is an administrator's
biometric signal.

The disclosed remote entry system can accommodate at least three classes of
user, namely administrators, (ordinary) users, and duress users. The administrators have
the ability to amend data stored, for example, in the database 105, while the ordinary
users do not have this capability. The first user of the code entry module 103, whether this
is the user who purchases the module, or the user who programs the module 103 after all
data has been erased from the database 105, is automatically categorised as an
administrator. This first administrator can direct the system 100 to either accept further
administrators, or alternately to only accept further ordinary users.

Although the present description refers to "users", in fact it is "fingers" which
are the operative entities in system operation when the biometric sensor 121 (see Fig. 2)
is a fingerprint sensor. In this event, a single user can enrol two or more of his or her own
fingers as separate administrators or (ordinary) users of the system, by storing
corresponding fingerprints for corresponding fingers in the database 105 via the
enrolment process 800 (see Fig. 8).

Some class overlap is possible. Thus a stored signature can belong to an 
administrator in the duress class. 

The first administrator can provide control information to the code entry module
by providing a succession of finger presses to the biometric sensor 121, providing that
these successive presses are of the appropriate duration, the appropriate quantity, and are
input within a predetermined time. In one arrangement, the control information is
encoded by either or both (a) the number of finger presses and (b) the relative duration of
the finger presses. If the successive finger presses are provided within this predetermined
time, then the controller 107 accepts the presses as potential control information and
checks the input information against a stored set of legal control signals.

One example of a legal control signal can be expressed as follows:
"Enrol an ordinary user" -> dit, dit, dit, dah
where "dit" is a finger press of one second's duration (provided by the user 101 in
response to the feedback provided by the Amber LED as described below), and "dah" is a
finger press of two seconds' duration.

In the event that a legitimate sequence of finger presses is not delivered within
the predetermined time, then the presses are considered not to be control information and
merely to be presses intended to provide access to the controlled item 111. Legitimate
control sequences are defined in Read Only Memory (ROM) in the controller 107.
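
The check of finger presses against the stored set of legal control signals, shown as an added example that is not part of the original specification. The duration tolerance, the length of the "predetermined time" window and all type and function names are assumptions; the only table entry is the one control signal the description gives.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum symbol { SYM_DIT, SYM_DAH, SYM_BAD };
enum command { CMD_NONE, CMD_ENROL_ORDINARY_USER };   /* CMD_NONE: access attempt */

struct press { uint32_t start_ms; uint32_t duration_ms; };

#define DIT_MS        1000u   /* "dit": one second (from the description) */
#define DAH_MS        2000u   /* "dah": two seconds (from the description) */
#define TOLERANCE_MS   300u   /* assumed allowance for human timing */
#define WINDOW_MS    10000u   /* assumed value of the "predetermined time" */
#define MAX_SEQ          8

struct legal_signal { enum command cmd; size_t len; enum symbol seq[MAX_SEQ]; };

/* Stands in for the table held in ROM in the controller 107. */
static const struct legal_signal LEGAL_SIGNALS[] = {
    { CMD_ENROL_ORDINARY_USER, 4, { SYM_DIT, SYM_DIT, SYM_DIT, SYM_DAH } },
};

static uint32_t abs_diff(uint32_t a, uint32_t b) { return a > b ? a - b : b - a; }

enum symbol classify_press(uint32_t duration_ms)
{
    if (abs_diff(duration_ms, DIT_MS) <= TOLERANCE_MS) return SYM_DIT;
    if (abs_diff(duration_ms, DAH_MS) <= TOLERANCE_MS) return SYM_DAH;
    return SYM_BAD;   /* neither a dit nor a dah */
}

/* Returns the matched command, or CMD_NONE when the presses must be treated
 * as ordinary presses intended to provide access. */
enum command decode_control(const struct press *p, size_t n)
{
    size_t i, k;
    if (n == 0 || n > MAX_SEQ)
        return CMD_NONE;
    if (p[n - 1].start_ms < p[0].start_ms)
        return CMD_NONE;                      /* presses out of time order */
    if (p[n - 1].start_ms + p[n - 1].duration_ms - p[0].start_ms > WINDOW_MS)
        return CMD_NONE;                      /* not within the predetermined time */
    for (k = 0; k < sizeof LEGAL_SIGNALS / sizeof LEGAL_SIGNALS[0]; k++) {
        const struct legal_signal *s = &LEGAL_SIGNALS[k];
        if (s->len != n)
            continue;                         /* wrong quantity of presses */
        for (i = 0; i < n; i++) {
            if (classify_press(p[i].duration_ms) != s->seq[i])
                break;                        /* wrong duration at position i */
        }
        if (i == n)
            return s->cmd;
    }
    return CMD_NONE;
}

int main(void)
{
    /* Constructed sample: three short presses and one long press. */
    struct press sample[] = { {0, 1000}, {1500, 1050}, {3000, 900}, {4500, 2100} };
    printf("command = %d\n", (int)decode_control(sample, 4));
    return 0;
}
```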



WO 2005/018137 PCT/AU2004/001083

The code entry module 103 has feedback signalling mechanisms 122,
implemented for example by a number of LEDs, and 124, implemented by an audio
transducer. The LEDs 122 and the audio transducer 124 are used by the controller to
signal the state of the code entry module 103 to the user 101, and to direct the
administration process. Thus, in one example, three LEDs, being Red, Amber and Green
are provided.

When the Amber LED is flashing, it means "Press the sensor". When the Amber
LED is steady ON, it means "Maintain finger pressure". When the Amber LED is OFF, it
means "Remove finger pressure". When the system enters the enrolment state (depicted
by the process 800 in Fig. 8), then the audio transducer 124 emits the "begin enrolment"
signal (dit dit dit dit) and the Red LED flashes. Enrolment of a normal user (according to
the step 807 in Fig. 8) is signalled by the OK audio signal (dit dit) and a single blink of
the Green LED.

Returning to the step 704, if the step determines that the biometric signal
received is an administrator's signal, then the process 700 is directed by a YES arrow to
706 in Fig. 8 as depicted by the arrow 703. If on the other hand, the step 704 indicates
that the received biometric signal does not belong to an administrator then the process
700 is directed by a NO arrow to 707 in Fig. 7.

Fig. 7 shows the access process 600 by which a biometric signal 102 (see Fig. 2)
is processed in order to provide access to the controlled item 111, or to take other action.
Entering the process at 707 from Fig. 6, the process 600 proceeds to a step 602 that
compares the received biometric signature to signatures stored in the database 105. A
following step 603 determines if the received signal falls into the "duress" category.
Signatures in this category indicate that the user 101 is in a coercive situation where, for
example, an armed criminal is forcing the user 101 to access the secure facility (such as a
bank door). If the step 603 determines that the signature is in the duress class, then a
following step 604 prepares a "duress" bit for incorporation into the code access signal
108. The aforementioned duress bit is an access attribute of the biometric signal 102.
Thereafter the process 600 proceeds to a step 605.

Modules used in the code entry module for producing the rolling code enable a
number of user defined bits to be inserted into the access signal 108, and these bits can be
used to effect desired control functions in the receiver sub-system 117. The disclosed
system 100 utilises four such user bits, namely (a) to indicate that the user belongs to the
duress category, (b) to indicate a "battery low" condition, or other desired system state or
"telemetry" variable, for the code entry module 103, (c) to indicate that the biometric
signal represents a legitimate user in which case the secure access to the controlled item
111 is to be granted, or (d) to indicate that the biometric signal is unknown, in which case
the controller 109 in the receiver sub-system 117 sounds an alert tone using a bell (not
shown) or the like.

Returning to Fig. 7, if the step 603 determines that the biometric signal is not in
the duress class, then the process 600 proceeds according to a NO arrow to the step 605.
The step 605 determines if the code entry module 103 has a low battery condition, in
which event the process 600 proceeds according to a YES arrow to a step 606 that
prepares a telemetry bit for insertion into the access signal 108. The aforementioned
telemetry bit is an access attribute of the biometric signal 102. Thereafter, the process
proceeds to a step 607.

If the step 605 determines that telemetry signalling is not required, then the
process 600 proceeds according to a NO arrow to the step 607. The step 607 checks the
biometric signal against the signatures in the database 105. If the received biometric
signal matches a legitimate signature in the database 105, then the process is directed to a
step 608 that prepares an "access" bit for insertion into the access signal 108. This access
bit directs the controller 109 in the receiver sub-system 117 to provide access to the
controlled item 111. The aforementioned access bit is an access attribute of the biometric
signal 102. The process 600 then proceeds to a step 610.

If the step 607 determines that the biometric input signal does not match any
legitimate signatures in the database 105, then the process 600 proceeds according to a
NO arrow to a step 609 that prepares an "alert" bit for insertion into the access signal 108.
The aforementioned alert bit is an access attribute of the biometric signal 102. This alert
bit directs the controller 109 (a) not to provide access to the controlled item 111, and (b)
to provide an alert tone, like ringing a chime or a bell (not shown), to alert personnel in
the vicinity of the receiver sub-system 117 that an unauthorised user is attempting to gain
access to the controlled item 111. The alert bit can also cause a camera mounted near the
controlled item 111 to photograph the unauthorised user for later identification of that
person. The camera can be activated if the person attempting to gain access is
unauthorised, and also if the person attempting to gain access is authorised but uses a
duress signature.

An optional additional step (not shown) can prepare an identification field for
insertion into the access signal 108. This sends, to the receiver sub-system 117, ID
information that the receiver sub-system can use to construct an audit trail listing which
users, having signatures in the database 105, have been provided with access to the
controlled item 111.

The process 600 is then directed to the step 610 which inserts the various user
defined bits into the access signal 108 and sends the signal 108 to the receiver sub-system
117. Thereafter, the process 600 is directed by an arrow 611 to 705 in Fig. 6.
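
The steps 603 to 609 of the process 600 and the receiver's reaction to the four user defined bits, shown as an added example that is not part of the original specification. The bit positions, the class tag values, all type and function names, and the fail-closed handling of inconsistent bit combinations in the receiver are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed bit positions; the description names the four bits, not their layout. */
#define BIT_DURESS    0x01u
#define BIT_TELEMETRY 0x02u
#define BIT_ACCESS    0x04u
#define BIT_ALERT     0x08u

/* Class tags of a stored signature; classes may overlap. */
#define CLASS_ADMIN   0x01u
#define CLASS_USER    0x02u
#define CLASS_DURESS  0x04u

struct match_result { bool found; unsigned classes; };   /* result of the step 602 */

/* Transmitter side (code entry module 103). */
uint8_t build_user_bits(struct match_result m, bool battery_low)
{
    uint8_t bits = 0;
    if (m.found && (m.classes & CLASS_DURESS))
        bits |= BIT_DURESS;                    /* steps 603 and 604 */
    if (battery_low)
        bits |= BIT_TELEMETRY;                 /* steps 605 and 606 */
    bits |= m.found ? BIT_ACCESS : BIT_ALERT;  /* steps 607, 608 and 609 */
    return bits;                               /* inserted by the step 610 */
}

struct receiver_actions {
    bool grant_access;   /* operate the controlled item 111 */
    bool alert_tone;     /* chime or bell */
    bool camera;         /* photograph the person at the door */
    bool battery_low;    /* telemetry for maintenance */
};

/* Receiver side (controller 109). */
struct receiver_actions receiver_handle(uint8_t bits)
{
    struct receiver_actions a = { false, false, false, false };
    bool access = (bits & BIT_ACCESS) != 0;
    bool alert = (bits & BIT_ALERT) != 0;
    bool duress = (bits & BIT_DURESS) != 0;

    a.battery_low = (bits & BIT_TELEMETRY) != 0;
    /* Assumed hardening: exactly one of access/alert may be set, duress implies
     * a known signature, and unused bits must be zero. Anything else is denied. */
    if (access == alert || (duress && !access) || (bits & 0xF0u)) {
        a.alert_tone = true;
        a.camera = true;
        return a;
    }
    a.grant_access = access;
    a.alert_tone = alert;
    a.camera = alert || duress;   /* unauthorised, or authorised under duress */
    return a;
}

int main(void)
{
    struct match_result duress_user = { true, CLASS_USER | CLASS_DURESS };
    uint8_t bits = build_user_bits(duress_user, false);
    struct receiver_actions a = receiver_handle(bits);
    printf("bits=0x%02X access=%d tone=%d camera=%d\n",
           bits, a.grant_access, a.alert_tone, a.camera);
    return 0;
}
```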

Fig. 8 shows a process 800 for implementing various enrolment procedures. The
process 800 commences at 706 from Fig. 6 after which a step 801 determines if the
biometric signal is a first administrator's input (which is the case if the database 105 is
empty). If this is the case, then the process 800 is directed to a step 802 that stores the
administrator's signature in the database 105. From a terminology perspective, this first
administrator, or rather the first administrator's first finger (in the event that the biometric
sensor 121 in Fig. 2 is a fingerprint sensor), is referred to as the "superfinger". Further
administrators' fingers are referred to as admin-fingers, and ordinary users' fingers are
referred to merely as "fingers". The reason that someone would enrol more than one of
their own fingers into the system is to ensure that even in the event that one of their
enrolled fingers is injured, the person can still operate the system using another enrolled
finger.

It is noted that the step 802, as well as the steps 805, 807 and 809 involve
sequences of finger presses on the biometric sensor 121 in conjunction with feedback
signals from the LEDs 122 and/or the audio speaker 124. The process 800 then proceeds
to a step 810 that determines if further enrolment procedures are required. If this is the
case, then the process 800 proceeds by a YES arrow back to the step 801. If no further
enrolment procedures are required, then the process 800 proceeds by a NO arrow to 705
in Fig. 6.

Returning to the step 801, if the biometric signal is not a first administrator's
signal, then the process 800 proceeds by a NO arrow to a step 803. The step 803
determines if a further administrator signature is to be stored. It is noted that all signatures
stored in the database are tagged as belonging to one or more of the classes of
administrator, ordinary user, and duress users. If a further administrator signature is to be
stored, then the process 800 proceeds by a YES arrow to the step 802 that stores the
biometric signal as a further administrator's signature.

If a further administrator's signature is not required, then the process 800
proceeds according to a NO arrow to a step 804 that determines if a duress signature is to
be stored. If this is the case then the process 800 follows a YES arrow to a step 805 that
stores a duress signature. The process 800 then proceeds to the step 810. If however the
step 804 determines that a duress signature is not required, then the process 800 proceeds
by a NO arrow to a step 806.

The step 806 determines if a further simple signature (i.e. belonging to an ordinary
user) is to be stored. If a further simple signature is to be stored, then the process 800
proceeds by a YES arrow to the step 807 that stores the biometric signal as a further
ordinary signature.

If a further simple signature is not required, then the process 800 proceeds
according to a NO arrow to a step 808 that determines if any or all signatures are to be
erased from the database 105. If this is the case then the process 800 follows a YES arrow
to a step 809 that erases the desired signatures. The process 800 then proceeds to the step
810. If however the step 804 determines that no signatures are to be erased, then the
process 800 proceeds by a NO arrow to the step 810.

Fig. 9 shows another enrolment process relating to the example of Fig. 6. The
process 900 commences at 706 from Fig. 6 after which a step 901 determines if the
received biometric signal comes from the first administrator. If this is the case, then the
process 900 proceeds according to a YES arrow to a step 902. The step 902 emits an
"Enrolment" tone and flashes the green LED once only. Thereafter, a step 905 reads the
incoming biometric signal which is provided by the user as directed by the Amber LED.
When the Amber LED flashes continuously, this directs the user to "Apply Finger".
When the Amber LED is in a steady illuminated state, this directs the user to "Maintain
Finger Pressure". Finally, when the amber LED is off, this directs the user to "Remove
Finger".

Returning to the step 901, if the incoming biometric signal does not belong to the
first administrator, then the process 900 proceeds according to a NO arrow to a step 903.
The step 903 emits an "Enrolment" tone, and flashes the Red LED in an on-going fashion.
Thereafter, the process 900 proceeds according to an arrow 904 to the step 905.

Following the step 905, a step 906 determines whether the incoming biometric
signal is legible. If this is not the case, then the process 900 proceeds according to a NO
arrow to a step 907. The step 907 emits a "Rejection" tone, after which the process 900 is
directed, according to an arrow 908 to 705 in Fig. 6. Returning to the step 906, if the
incoming biometric signal is legible, then the process 900 follows a YES arrow to a step
909. The step 909 determines whether the finger press exceeds a predetermined time. If
this is not the case, then the process 900 follows a NO arrow to a step 910 which stores
the biometric signal, which in the present case is a fingerprint signature. Thereafter the
process 900 follows an arrow 911 to 705 in Fig. 6.

Returning to the step 909, if the finger press does exceed the predetermined
period, then the process follows a YES arrow to a step 912. The step 912 erases relevant
signatures depending upon the attributes of the incoming biometric signal. Thus, for
example, if the incoming biometric signal belongs to an ordinary user, then the ordinary
user's signature in the database 105 is erased by the step 912. If, on the other hand, the
incoming biometric signal belongs to the first administrator, then all the signatures in the
database 105 are erased. Administrators who are not the first administrator can be
granted either the same powers as the first administrator in regard to erasure of signatures,
or can be granted the same powers as an ordinary user in this respect.




Once the step 912 has completed erasure of the relevant signatures, then the 
process 900 follows an arrow 913 to 705 in Fig. 6. 

Fig. 10 is a schematic block diagram of the system in Fig. 2. The disclosed
secure access methods are preferably practiced using a computer system arrangement
100', such as that shown in Fig. 10 wherein the processes of Figs. 3-4, and 6-9 may be
implemented as software, such as application program modules executing within the
computer system 100'. In particular, the method steps for providing secure access are
effected by instructions in the software that are carried out under direction of the
respective processor modules 107 and 109 in the transmitter and receiver sub-systems 116
and 117. The instructions may be formed as one or more code modules, each for
performing one or more particular tasks. The software may also be divided into two
separate parts, in which a first part performs the provision of secure access methods and a
second part manages a user interface between the first part and the user. The software
may be stored in a computer readable medium, including the storage devices described
below, for example. The software is loaded into the transmitter and receiver sub-systems
116 and 117 from the computer readable medium, and then executed under direction of
the respective processor modules 107 and 109. A computer readable medium having
such software or computer program recorded on it is a computer program product. The
use of the computer program product in the computer preferably effects an advantageous
apparatus for provision of secure access.

The following description is directed primarily to the transmitter sub-system 116,
however the description applies in general to the operation of the receiver sub-system
117. The computer system 100' is formed, having regard to the transmitter sub-system
116, by the controller module 107, input devices such as the bio sensor 121, output
devices including the LED display 122 and the audio device 124. A communication
interface/transceiver 1008 is used by the controller module 107 for communicating to and
from a communications network 1020. Although Fig. 2 shows the transmitter sub-system
116 communicating with the receiver sub-system 117 using a direct wireless link for the
access signal 108, this link used by the access signal 108 can be effected over the network
1020 forming a tandem link comprising 108-1020-108'. The aforementioned
communications capability can be used to effect communications between the transmitter
sub-system 116 and the receiver sub-system 117 either directly or via the Internet, and
other network systems, such as a Local Area Network (LAN) or a Wide Area Network
(WAN).

The controller module 107 typically includes at least one processor unit 1005, and a
memory unit 1006, for example formed from semiconductor random access memory
(RAM) and read only memory (ROM). The controller module 107 also includes a
number of input/output (I/O) interfaces including an audio-video interface 1007 that
couples to the LED display 122 and audio speaker 124, an I/O interface 1013 for the
bio-sensor 121, and the interface 1008 for communications. The components 1007, 1008,
1005, 1013 and 1006 of the controller module 107 typically communicate via an
interconnected bus 1004 and in a manner which results in a conventional mode of
operation of the controller 107 known to those in the relevant art.

Typically, the application program modules for the transmitter sub-system 116 are
resident in the memory 1006 ROM, and are read and controlled in their execution by the
processor 1005. Intermediate storage of the program and any data fetched from the bio
sensor 121 and the network 1020 may be accomplished using the RAM in the
semiconductor memory 1006. In some instances, the application program modules may
be supplied to the user encoded into the ROM in the memory 1006. Still further, the
software modules can also be loaded into the transmitter sub-system 116 from other
computer readable media, say over the network 1020. The term "computer readable
medium" as used herein refers to any storage or transmission medium that participates in
providing instructions and/or data to the transmitter sub-system 116 for execution and/or
processing. Examples of storage media include floppy disks, magnetic tape, CD-ROM, a
hard disk drive, a ROM or integrated circuit, a magneto-optical disk, or a computer
readable card such as a PCMCIA card and the like, whether or not such devices are
internal or external of the transmitter sub-system 116. Examples of transmission media
include radio or infra-red transmission channels as well as a network connection to
another computer or networked device, and the Internet or Intranets including e-mail
transmissions and information recorded on Websites and the like.

Industrial Applicability 
It is apparent from the above that the arrangements described are applicable to 
the security industry. 

The foregoing describes only some embodiments of the present invention, and
modifications and/or changes can be made thereto without departing from the scope and
spirit of the invention, the embodiments being illustrative and not restrictive.

The system 100 can also be used to provide authorised access to lighting
systems, building control devices, exterior or remote devices such as air compressors and
so on. The concept of "secure access" is thus extendible beyond mere access to restricted
physical areas.



